zouxuan 5 years ago
989cc7f3b6

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -65,7 +65,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Override
 	public void configure(WebSecurity web) throws Exception {
-		web.ignoring().antMatchers("/usernameLogin", "/smsLogin", "/refreshToken", "/v2/api-docs","/loginIn","/code/*");
+		web.ignoring().antMatchers("/usernameLogin", "/smsLogin", "/refreshToken", "/v2/api-docs","/loginIn","/code/*","/user/setPassword","/user/updatePassword");
 	}
 
 	@Bean
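Review bot: Putting `/user/setPassword` and `/user/updatePassword` into `web.ignoring()` takes them out of the Spring Security filter chain entirely, not merely out of authentication, so no security filter, header or CSRF handling runs for two endpoints that rewrite credentials. `/user/updatePassword` in particular takes the caller's old password, which only makes sense for an already logged-in user; it should stay on the authenticated side and read the user from the security context rather than be reachable anonymously by anyone who knows a phone number. For the genuinely unauthenticated reset flow, `/user/setPassword` is better declared as `.antMatchers("/user/setPassword").permitAll()` under the `HttpSecurity` rules so the rest of the chain still applies. The list also still carries `"/loginIn"`, whose handler this same commit comments out in TokenController, so that entry is now dead and can go.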

+ 8 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/dal/dao/SysUserDao.java

@@ -2,6 +2,7 @@ package com.ym.mec.auth.dal.dao;
 
 import com.ym.mec.auth.api.entity.SysUser;
 import com.ym.mec.common.dal.BaseDAO;
+import org.apache.ibatis.annotations.Param;
 
 public interface SysUserDao extends BaseDAO<Integer, SysUser> {
 
@@ -18,4 +19,11 @@ public interface SysUserDao extends BaseDAO<Integer, SysUser> {
 	 * @return
 	 */
 	SysUser queryByPhone(String phone);
+
+	/**
+	 * 修改密码
+	 * @param mobile
+	 * @param password
+	 */
+	void updatePassword(@Param("mobile") String mobile, @Param("password") String password);
 }

+ 6 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/SysUserService.java

@@ -41,4 +41,10 @@ public interface SysUserService extends BaseService<Integer, SysUser> {
 	 */
 	boolean deleteById(Integer id);
 
+	/**
+	 * 根据用户手机号修改密码
+	 * @param mobile
+	 * @param password
+	 */
+	void updatePassword(String mobile, String password);
 }
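Review bot: The new `updatePassword(String mobile, String password)` contract does not say what `password` is, and the implementation shown in this commit stores the argument verbatim, so a caller passing a raw password would persist it in plaintext. The Javadoc should make the precondition explicit, e.g. `@param password the already BCrypt-encoded password hash; this method performs no encoding` and `@param mobile phone number identifying the user whose password is replaced`. Both controller call sites in this commit do encode first, which is why the contract needs to be written down rather than relied on.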

+ 5 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserServiceImpl.java

@@ -89,4 +89,9 @@ public class SysUserServiceImpl extends BaseServiceImpl<Integer, SysUser> implem
 		return true;
 	}
 
+	@Override
+	public void updatePassword(String mobile, String password) {
+		sysUserDao.updatePassword(mobile,password);
+	}
+
 }

+ 0 - 8
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java

@@ -13,8 +13,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.*;
 
 import javax.imageio.ImageIO;
@@ -112,10 +110,4 @@ public class SmsCodeController extends BaseController {
             out.close();
         }
     }
-    
-    @PostMapping("/query")
-    public Object query() {
-    	Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        return succeed(authentication);
-    }
 }

+ 18 - 2
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/TokenController.java

@@ -9,6 +9,9 @@ import com.ym.mec.common.entity.HttpResponseResult;
 import com.ym.mec.common.security.AuthUser;
 import com.ym.mec.common.security.SecurityUtils;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.*;
@@ -49,6 +52,11 @@ public class TokenController extends BaseController {
 	private SysUserService userService;
     
     @PostMapping("/smsLogin")
+	@ApiOperation(value = "短信验证码的方式登录")
+	@ApiImplicitParams({ @ApiImplicitParam(name = "smsCode", value = "验证码", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "clientSecret", value = "固定传 app", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "clientId", value = "固定传 app", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "phone", value = "手机号", required = true, dataType = "String") })
     public Object smsLogin(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
     	
     	String clientId = request.getParameter("clientId");
@@ -69,6 +77,7 @@ public class TokenController extends BaseController {
 		return null;
     }
 
+	@ApiOperation(value = "获取用户信息")
     @GetMapping("/api/queryUserInfo")
     public Object apiQueryUserInfo() {
 		AuthUser authUser = SecurityUtils.getUser();
@@ -79,6 +88,11 @@ public class TokenController extends BaseController {
     }
     
     @PostMapping("/usernameLogin")
+	@ApiOperation(value = "手机号密码方式登录")
+	@ApiImplicitParams({ @ApiImplicitParam(name = "password", value = "密码", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "clientSecret", value = "固定传 app", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "clientId", value = "固定传 app", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "username", value = "手机号", required = true, dataType = "String") })
     public Object usernameLogin(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
     	
     	String clientId = request.getParameter("clientId");
@@ -90,7 +104,7 @@ public class TokenController extends BaseController {
         return succeed(accessTokenService.getAccessToken(clientId, clientSecret, authentication));
     }
 
-	@PostMapping(value = "/loginIn")
+	/*@PostMapping(value = "/loginIn")
 	//@PreAuthorize("hasAnyAuthority('sys_user_manage')")
 	public HttpResponseResult login(String username, String password, String clientId, String clientSecret) throws IOException {
 		String url = "http://auth-server/oauth/token";
@@ -111,9 +125,10 @@ public class TokenController extends BaseController {
 		ResponseEntity<String> resp = restTemplate.exchange(url, HttpMethod.POST, entity, String.class);
 
 		return succeed(objectMapper.readValue(resp.getBody(), Map.class));
-	}
+	}*/
 
 	@PostMapping(value = "/refreshToken")
+	@ApiOperation(value = "刷新token")
 	public HttpResponseResult refreshToken(String refreshToken, String clientId, String clientSecret) throws IOException {
 		String url = "http://auth-server/oauth/token";
 
@@ -135,6 +150,7 @@ public class TokenController extends BaseController {
 	}
 
 	@PostMapping(value = "exit")
+	@ApiOperation(value = "推出登录")
 	public HttpResponseResult logout(@RequestHeader(value = HttpHeaders.AUTHORIZATION) String authHeader) {
 		if (StringUtils.isBlank(authHeader)) {
 			return failed("退出失败,token 为空");

+ 64 - 5
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/UserController.java

@@ -9,6 +9,7 @@ import com.ym.mec.auth.web.controller.queryInfo.SysUserQueryInfo;
 import com.ym.mec.common.controller.BaseController;
 import com.ym.mec.common.security.AuthUser;
 import com.ym.mec.common.security.SecurityUtils;
+import com.ym.mec.common.validcode.SmsCodeService;
 import io.swagger.annotations.*;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -29,6 +30,8 @@ public class UserController extends BaseController {
 	private SysRoleService sysRoleService;
 	@Autowired
 	private SysUserRoleService sysUserRoleService;
+	@Autowired
+	private SmsCodeService smsCodeService;
 
 	/*@ApiOperation("根据用户名查询用户信息接口")
 	@ApiImplicitParam(name = "username", value = "用户名", required = true, dataType = "String", paramType = "path")
@@ -59,14 +62,71 @@ public class UserController extends BaseController {
 	@ApiOperation(value = "新增用户")
 	@PostMapping("/add")
 	public Object add(@RequestBody SysUser sysUser) {
-		Date date = new Date();
-		sysUser.setCreateTime(date);
-		sysUser.setUpdateTime(date);
-		sysUser.setPassword(new BCryptPasswordEncoder().encode(sysUser.getPassword()));
+//		sysUser.setPassword(new BCryptPasswordEncoder().encode(sysUser.getPassword()));
 		sysUserService.insert(sysUser);
 		return succeed();
 	}
 
+	@ApiOperation(value = "设置密码")
+	@PostMapping("/setPassword")
+	@ApiImplicitParams({ @ApiImplicitParam(name = "mobile", value = "手机号", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "authCode", value = "验证码", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "password", value = "密码", required = true, dataType = "String") })
+	public Object setPassword(@RequestBody HashMap<String,String> param) {
+		String mobile = param.get("mobile");
+		String authCode = param.get("authCode");
+		String password = param.get("password");
+		if(StringUtils.isEmpty(mobile) || StringUtils.isEmpty(authCode) || StringUtils.isEmpty(password)){
+			return failed();
+		}
+		SysUser sysUser = sysUserService.queryByPhone(mobile);
+		if(sysUser == null){
+			return failed("用户不存在");
+		}
+		if(smsCodeService.verifyValidCode(mobile, authCode)){
+			password = new BCryptPasswordEncoder().encode(password);
+			sysUserService.updatePassword(mobile,password);
+			return succeed();
+		}else {
+			return failed("验证码错误");
+		}
+	}
+
+	@ApiOperation(value = "修改密码")
+	@PostMapping("/updatePassword")
+	@ApiImplicitParams({ @ApiImplicitParam(name = "mobile", value = "手机号", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "authCode", value = "验证码", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "newPassword", value = "新密码", required = true, dataType = "String"),
+			@ApiImplicitParam(name = "password", value = "旧密码", required = true, dataType = "String") })
+	public Object updatePassword(@RequestBody HashMap<String,String> param) {
+		String mobile = param.get("mobile");
+		String authCode = param.get("authCode");
+		String password = param.get("password");
+		String newPassword = param.get("newPassword");
+		if(StringUtils.isEmpty(mobile) || StringUtils.isEmpty(authCode) || StringUtils.isEmpty(password) || StringUtils.isEmpty(newPassword)){
+			return failed("参数校验异常");
+		}
+		SysUser sysUser = sysUserService.queryByPhone(mobile);
+		if(sysUser == null){
+			return failed("用户不存在");
+		}
+		if(smsCodeService.verifyValidCode(mobile, authCode)){
+			if(StringUtils.equals(password,newPassword)){
+				return failed("新密码与旧密码一致");
+			}
+			BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
+			newPassword = bCryptPasswordEncoder.encode(newPassword);
+			if(bCryptPasswordEncoder.matches(password,sysUser.getPassword())){
+				sysUserService.updatePassword(mobile,newPassword);
+				return succeed();
+			}else {
+				return failed("密码错误");
+			}
+		}else {
+			return failed("验证码错误");
+		}
+	}
+
 	/*@ApiOperation(value = "删除用户")
 	@DeleteMapping("/del/{id}")
 	public Object del(@ApiParam(value = "用户编号", required = true) @PathVariable("id") Integer id) {
@@ -81,7 +141,6 @@ public class UserController extends BaseController {
 			Date date = new Date();
 			sysUser.setId(user.getUserId());
 			sysUser.setUpdateTime(date);
-			sysUser.setPassword(new BCryptPasswordEncoder().encode(sysUser.getPassword()));
 			sysUserService.update(sysUser);
 			return succeed();
 		}
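Review bot: In both `setPassword` and `updatePassword`, `if(sysUser == null){ return failed("用户不存在"); }` runs before `smsCodeService.verifyValidCode(...)`, so an unauthenticated caller (these routes are added to `web.ignoring()` in this commit) can enumerate which phone numbers have accounts without ever holding a code. `updatePassword` then returns a distinct `failed("密码错误")` when the old password does not match, which turns the endpoint into a password-guessing oracle gated only by the SMS code; whether `verifyValidCode` invalidates the code after one successful check is not visible here, so a single code may allow many guesses. I would verify the code first and collapse the user-missing and wrong-password branches into one generic failure, and, since `updatePassword` requires the old password anyway, take the identity from `SecurityUtils.getUser()` (already imported in this file) instead of the client-supplied `mobile`. Neither handler applies any minimum-length or complexity check to the new password before encoding it.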

+ 5 - 5
mec-auth/mec-auth-server/src/main/resources/config/mybatis/SysUserMapper.xml

@@ -63,8 +63,8 @@
         </selectKey>
         -->
         INSERT INTO sys_user
-        (im_token_,id_,username_,password_,salt_,phone_,avatar_,organ_id_,create_time_,update_time_,lock_flag_,del_flag_,wx_openid_,qq_openid_,user_type_,gender_,nation_,birthdate_,email_)
-        VALUES(#{imToken},#{id},#{username},#{password},#{salt},#{phone},#{avatar},#{organId},#{createTime},#{updateTime},#{lockFlag},#{delFlag},#{wxOpenid},#{qqOpenid},#{userType, typeHandler=com.ym.mec.common.dal.CustomEnumTypeHandler},#{gender, typeHandler=com.ym.mec.common.dal.CustomEnumTypeHandler},#{nation},#{birthdate},#{email})
+        (im_token_,id_,username_,salt_,phone_,avatar_,organ_id_,create_time_,update_time_,lock_flag_,del_flag_,wx_openid_,qq_openid_,user_type_,gender_,nation_,birthdate_,email_)
+        VALUES(#{imToken},#{id},#{username},#{salt},#{phone},#{avatar},#{organId},now(),now(),#{lockFlag},#{delFlag},#{wxOpenid},#{qqOpenid},#{userType, typeHandler=com.ym.mec.common.dal.CustomEnumTypeHandler},#{gender, typeHandler=com.ym.mec.common.dal.CustomEnumTypeHandler},#{nation},#{birthdate},#{email})
     </insert>
 
     <!-- 根据主键查询一条记录 -->
@@ -86,9 +86,6 @@
             <if test="gender != null">
                 gender_ = #{gender, typeHandler=com.ym.mec.common.dal.CustomEnumTypeHandler},
             </if>
-            <if test="password != null">
-                password_ = #{password},
-            </if>
             <if test="salt != null">
                 salt_ = #{salt},
             </if>
@@ -125,6 +122,9 @@
         </set>
         WHERE id_ = #{id}
     </update>
+    <update id="updatePassword">
+        UPDATE sys_user SET password_ = #{password} WHERE phone_ = #{mobile}
+    </update>
 
     <!-- 根据主键删除一条记录 -->
     <delete id="delete">